From e449caa853f7c3c7e7ec5ab359a48653bc97f537 Mon Sep 17 00:00:00 2001
From: Al-Amin Firdows <alaminfirdows@gmail.com>
Date: Wed, 22 Oct 2025 14:06:31 +0600
Subject: [PATCH] feat: enhance editorjs integration by allowing inline code
 rendering and updating allowed HTML tags

---
 config/laravel_editorjs.php                | 26 +++++++++++++------
 resources/views/blocks/checklist.blade.php |  2 +-
 resources/views/blocks/header.blade.php    |  2 +-
 resources/views/blocks/list.blade.php      |  2 +-
 resources/views/blocks/paragraph.blade.php |  2 +-
 resources/views/blocks/quote.blade.php     |  6 ++---
 resources/views/blocks/table.blade.php     |  4 +--
 src/helpers.php                            | 29 ++++++++++++++++++++++
 8 files changed, 56 insertions(+), 17 deletions(-)

diff --git a/config/laravel_editorjs.php b/config/laravel_editorjs.php
index 1a60fdd..cf5cd86 100644
--- a/config/laravel_editorjs.php
+++ b/config/laravel_editorjs.php
@@ -6,13 +6,13 @@
             'paragraph' => [
                 'text' => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
             ],
             'header'    => [
                 'text'  => [
                     'type'        => 'string',
-                    'allowedTags' => 'a[href],mark[class]',
+                    'allowedTags' => 'a[href],mark[class],span[class]',
                 ],
                 'level' => [1, 2, 3, 4, 5, 6],
             ],
@@ -26,7 +26,7 @@
                     'data' => [
                         '-' => [
                             'type'        => 'string',
-                            'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                            'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                         ],
                     ],
                 ],
@@ -79,7 +79,7 @@
                 ],
                 'caption'        => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
                 'withBorder'     => 'boolean',
                 'withBackground' => 'boolean',
@@ -95,7 +95,7 @@
                             'data' => [
                                 '-' => [
                                     'type'        => 'string',
-                                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                                 ],
                             ],
                         ],
@@ -105,11 +105,11 @@
             'quote'     => [
                 'text'      => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
                 'caption'   => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
                 'alignment' => [
                     0 => 'left',
@@ -138,7 +138,7 @@
                             'data' => [
                                 'text' => [
                                     'type' => 'string',
-                                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                                 ],
                                 'checked' => 'boolean',
                             ],
@@ -166,6 +166,16 @@
                 'height'  => 'integer',
                 'caption' => 'string',
             ],
+            'warning' => [
+                'title' => [
+                    'type' => 'string',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
+                ],
+                'message' => [
+                    'type' => 'string',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
+                ],
+            ],
         ],
     ],
 ];
diff --git a/resources/views/blocks/checklist.blade.php b/resources/views/blocks/checklist.blade.php
index 9c6d077..28379cc 100644
--- a/resources/views/blocks/checklist.blade.php
+++ b/resources/views/blocks/checklist.blade.php
@@ -2,7 +2,7 @@
     @foreach($data['items'] as $item)
         <li>
             <input type="checkbox" {{ $item['checked'] ? 'checked' : '' }} disabled>
-            <span>{!! $item['text'] !!}</span>
+            <span>{!! editorjs_render_inline_code($item['text'] ?? '') !!}</span>
         </li>
     @endforeach
 </ul>
diff --git a/resources/views/blocks/header.blade.php b/resources/views/blocks/header.blade.php
index 0c49107..2232d84 100644
--- a/resources/views/blocks/header.blade.php
+++ b/resources/views/blocks/header.blade.php
@@ -3,4 +3,4 @@
 $tag = "h{$level}";
 @endphp
 
-<{{ $tag }}>{{ $data['text'] ?? '' }}</{{ $tag }}>
\ No newline at end of file
+<{{ $tag }}>{!! editorjs_render_inline_code($data['text'] ?? '') !!}</{{ $tag }}>
diff --git a/resources/views/blocks/list.blade.php b/resources/views/blocks/list.blade.php
index 5d19c51..3f3d028 100644
--- a/resources/views/blocks/list.blade.php
+++ b/resources/views/blocks/list.blade.php
@@ -5,6 +5,6 @@
 
 <{{ $tag }}>
     @foreach($data['items'] as $item)
-    <li>{{ $item }}</li>
+    <li>{!! editorjs_render_inline_code($item) !!}</li>
     @endforeach
 </{{ $tag }}>
diff --git a/resources/views/blocks/paragraph.blade.php b/resources/views/blocks/paragraph.blade.php
index 4bfef6e..c3824eb 100644
--- a/resources/views/blocks/paragraph.blade.php
+++ b/resources/views/blocks/paragraph.blade.php
@@ -1 +1 @@
-<p>{{ $data['text'] }}</p>
+<p>{!! editorjs_render_inline_code($data['text'] ?? '') !!}</p>
diff --git a/resources/views/blocks/quote.blade.php b/resources/views/blocks/quote.blade.php
index c3d2880..927e1f8 100644
--- a/resources/views/blocks/quote.blade.php
+++ b/resources/views/blocks/quote.blade.php
@@ -11,8 +11,8 @@
 @endphp
 
 <blockquote class="editor-quote">
-    <p class="{{ $class }}">{{ $data['text'] }}</p>
+    <p class="{{ $class }}">{!! editorjs_render_inline_code($data['text'] ?? '') !!}</p>
     @if (!empty($data['caption']))
-    <small class="{{ $class }}">— {{ $data['caption'] }}</small>
+    <small class="{{ $class }}">— {!! editorjs_render_inline_code($data['caption']) !!}</small>
     @endif
-</blockquote>
\ No newline at end of file
+</blockquote>
diff --git a/resources/views/blocks/table.blade.php b/resources/views/blocks/table.blade.php
index 9ec861d..d67e8fe 100644
--- a/resources/views/blocks/table.blade.php
+++ b/resources/views/blocks/table.blade.php
@@ -4,8 +4,8 @@
         @php $tag = ($loop->first && $data['withHeadings']) ? 'th' : 'td'; @endphp
 
         @foreach($row as $cell)
-        <{{ $tag }}> {{ $cell }} </{{ $tag }}>
+        <{{ $tag }}> {!! editorjs_render_inline_code($cell) !!} </{{ $tag }}>
         @endforeach
     </tr>
     @endforeach
-</table>
\ No newline at end of file
+</table>
diff --git a/src/helpers.php b/src/helpers.php
index 6e64464..27483d8 100644
--- a/src/helpers.php
+++ b/src/helpers.php
@@ -11,3 +11,32 @@ function editorjs()
         return app(LaravelEditorJs::class);
     }
 }
+
+if (! function_exists('editorjs_render_inline_code')) {
+    /**
+     * Render text allowing only <span class="inline-code"> ... </span> tags; escape everything else.
+     */
+    function editorjs_render_inline_code(?string $text): string
+    {
+        if ($text === null || $text === '') {
+            return '';
+        }
+
+        // Escape everything first
+        $escaped = e($text);
+
+        // Unescape ONLY <span class="inline-code"> and </span>
+        // Convert the exact escaped opening tag back to real HTML
+        $escaped = str_replace('&lt;/span&gt;', '</span>', $escaped);
+
+        // Replace opening span with class="inline-code" only
+        // Use a regex to match exactly class="inline-code" (order and spacing normalized by browser is irrelevant here as we control the output)
+        $escaped = preg_replace(
+            '/&lt;span\s+class=&quot;inline-code&quot;&gt;/i',
+            '<span class="inline-code">',
+            $escaped
+        );
+
+        return $escaped;
+    }
+}